- Reported
-
- Issued
-
- Package
-
actix-web
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Details
-
https://github.com/actix/actix-web/issues/289
- Patched
-
Description
Affected versions contain multiple memory safety issues, such as:
- Unsoundly coercing immutable references to mutable references
- Unsoundly extending lifetimes of strings
- Adding the
Send
marker trait to objects that cannot be safely sent between threads
This may result in a variety of memory corruption scenarios, most likely use-after-free.
A significant refactoring effort has been conducted to resolve these issues.